fix($compile): properly handle setting srcset to undefined
Previously, calling `Attributes#$set('srcset', value)` on an `<img>` element would throw if `value`
were undefined, as it assumed `value` is always a string.
This commit fixes the issue, by skipping the unnecessary string manipulation when `value` is not
defined.
Closes #14470
Closes #14493
This commit is contained in:
committed by
Georgios Kalpakas
parent
92752e5b42
commit
2310e1090a
+1
-1
@@ -1447,7 +1447,7 @@ function $CompileProvider($provide, $$sanitizeUriProvider) {
|
||||
(nodeName === 'img' && key === 'src')) {
|
||||
// sanitize a[href] and img[src] values
|
||||
this[key] = value = $$sanitizeUri(value, key === 'src');
|
||||
} else if (nodeName === 'img' && key === 'srcset') {
|
||||
} else if (nodeName === 'img' && key === 'srcset' && isDefined(value)) {
|
||||
// sanitize img[srcset] values
|
||||
var result = "";
|
||||
|
||||
|
||||
@@ -9394,6 +9394,27 @@ describe('$compile', function() {
|
||||
|
||||
describe('img[srcset] sanitization', function() {
|
||||
|
||||
it('should not error if undefined', function() {
|
||||
var linked = false;
|
||||
module(function() {
|
||||
directive('setter', valueFn(function(scope, elem, attrs) {
|
||||
attrs.$set('srcset', 'http://example.com/');
|
||||
expect(attrs.srcset).toBe('http://example.com/');
|
||||
|
||||
attrs.$set('srcset', undefined);
|
||||
expect(attrs.srcset).toBeUndefined();
|
||||
|
||||
linked = true;
|
||||
}));
|
||||
});
|
||||
inject(function($compile, $rootScope) {
|
||||
element = $compile('<img setter></img>')($rootScope);
|
||||
|
||||
expect(linked).toBe(true);
|
||||
expect(element.attr('srcset')).toBeUndefined();
|
||||
});
|
||||
});
|
||||
|
||||
it('should NOT require trusted values for img srcset', inject(function($rootScope, $compile, $sce) {
|
||||
element = $compile('<img srcset="{{testUrl}}"></img>')($rootScope);
|
||||
$rootScope.testUrl = 'http://example.com/image.png';
|
||||
|
||||
@@ -28,5 +28,10 @@ describe('ngSrcset', function() {
|
||||
$rootScope.$digest();
|
||||
expect(element.attr('srcset')).toBe('http://example.com/image1.png 1x,unsafe:javascript:doEvilStuff() 2x');
|
||||
}));
|
||||
|
||||
it('should not throw an error if undefined', inject(function($rootScope, $compile) {
|
||||
element = $compile('<img ng-attr-srcset="{{undefined}}">')($rootScope);
|
||||
$rootScope.$digest();
|
||||
}));
|
||||
});
|
||||
|
||||
|
||||
Reference in New Issue
Block a user